This PR is adding support for untrusted certificate authorities during the remote reindex migration to the datanode. The connection check step is now reporting that none of our trust managers is trusting the remote host. Then, user can :heavy_check_mark: the trust unknown certificates checkbox. Connection check is then using a trust manager that accepts all certificates and reports unknown. These unknown certificates are then transported, together with the allowlist value, to the datanode. Datanode takes these certificates and adds them to its truststore. The truststore is regenerated during each startup, so these certificates will disappear with the next process restart and won't stay there forever.
Description
This PR is adding support for untrusted certificate authorities during the remote reindex migration to the datanode. The connection check step is now reporting that none of our trust managers is trusting the remote host. Then, user can :heavy_check_mark: the
trust unknown certificates
checkbox. Connection check is then using a trust manager that accepts all certificates and reports unknown. These unknown certificates are then transported, together with the allowlist value, to the datanode. Datanode takes these certificates and adds them to its truststore. The truststore is regenerated during each startup, so these certificates will disappear with the next process restart and won't stay there forever.Motivation and Context
Fixes https://github.com/Graylog2/graylog2-server/issues/19759
How Has This Been Tested?
Manually, added unit tests.
Screenshots (if appropriate):
Types of changes
Checklist: